cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-13304,https://securityvulnerability.io/vulnerability/CVE-2024-13304,Cross-Site Request Forgery Vulnerability in Drupal Minify JS,"A Cross-Site Request Forgery (CSRF) vulnerability exists in Drupal's Minify JS module, enabling attackers to potentially execute unauthorized actions without user consent. This flaw affects all versions prior to 3.0.3, allowing malicious entities to exploit user sessions and perform unintended operations on behalf of the user.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13289,https://securityvulnerability.io/vulnerability/CVE-2024-13289,Cross-Site Scripting Vulnerability in Drupal Cookiebot + GTM,"A Cross-Site Scripting (XSS) vulnerability exists in the Drupal Cookiebot + GTM module, allowing attackers to inject malicious scripts into web pages generated by the product. This vulnerability affects versions from 0.0.0 to any version before 1.0.18, potentially compromising the security and data integrity of web applications utilizing this module.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13294,https://securityvulnerability.io/vulnerability/CVE-2024-13294,Cross-Site Scripting Vulnerability in Drupal POST File by Drupal,"A Cross-Site Scripting (XSS) vulnerability exists in the POST File extension for Drupal, allowing attackers to inject malicious scripts into web pages. When the application improperly neutralizes input during the generation of web pages, it leads to potential exploitation. 
This vulnerability impacts POST File versions prior to 1.0.2, emphasizing the importance of updating to the latest version to safeguard web applications from such attacks.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13301,https://securityvulnerability.io/vulnerability/CVE-2024-13301,Cross-Site Scripting Vulnerability in Drupal OAuth & OpenID Connect SSO,"An input validation flaw in the Drupal OAuth & OpenID Connect Single Sign On – SSO component allows attackers to execute arbitrary JavaScript code in the context of the user’s session. This security issue can be exploited via specially crafted input, leading to potential data theft and session hijacking. It affects specific versions of the module, underscoring the need for immediate updates and adherence to best security practices.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13311,https://securityvulnerability.io/vulnerability/CVE-2024-13311,File Extension Bypass Vulnerability in Drupal by Acquia,"A security vulnerability exists in Drupal that allows unrestricted file extensions for file fields, potentially enabling unauthorized file uploads. This flaw could result in users being able to upload malicious files that could compromise the integrity of the application. It is critical to monitor and restrict file upload capabilities to maintain the security posture of the Drupal platform. 
For more details, refer to the announcement on the official Drupal security page.",Drupal,Allow All File Extensions For File Fields,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13292,https://securityvulnerability.io/vulnerability/CVE-2024-13292,Cross-Site Scripting Vulnerability in Drupal Tooltip by Drupal,"A Cross-Site Scripting (XSS) vulnerability exists in the Drupal Tooltip module, which improperly neutralizes user input during web page generation. This allows attackers to inject malicious scripts that execute in the context of the user's browser, potentially compromising user interactions or stealing sensitive information. The vulnerability affects versions of Tooltip from 0.0.0 prior to 1.1.2, highlighting the necessity for users to update to the latest version to mitigate risks.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13290,https://securityvulnerability.io/vulnerability/CVE-2024-13290,Incorrect Authorization Vulnerability in OhDear Integration for Drupal,"The OhDear Integration component for Drupal suffers from an incorrect authorization vulnerability that enables forceful browsing. This flaw could allow unauthorized users to gain access to restricted areas of the application. The issue specifically affects versions from 0.0.0 and prior to 2.0.4, making it essential for users to update to a patched version to maintain application security.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13293,https://securityvulnerability.io/vulnerability/CVE-2024-13293,Cross-Site Request Forgery Vulnerability in Drupal POST File,"A Cross-Site Request Forgery (CSRF) vulnerability exists in the Drupal POST File module, allowing unauthorized commands to be transmitted from a user that the web application trusts. 
This security issue impacts the POST File versions between 0.0.0 before 1.0.2, posing significant risks for web applications that utilize this module. Attackers could exploit this vulnerability to execute actions without the user's consent, potentially leading to unauthorized data manipulation or exposure.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13303,https://securityvulnerability.io/vulnerability/CVE-2024-13303,Missing Authorization Vulnerability in Drupal Download All Files,"A vulnerability in the Download All Files module for Drupal has been identified that allows unauthorized users to access and download files they should not have permission to view. This missing authorization issue could lead to unauthorized data exposure, enabling attackers to forcefully browse to restricted resources within the application. The vulnerability affects versions from 0.0.0 up to, but not including, 2.0.2, making an update essential for users of this module.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13300,https://securityvulnerability.io/vulnerability/CVE-2024-13300,Vulnerability in Print Anything Plugin Affecting Drupal by Drupal,"A vulnerability has been identified in the Print Anything plugin for Drupal, which may expose users to potential security risks. This issue allows for the execution of unauthorized actions, potentially compromising the integrity of affected systems. Users of the plugin are strongly encouraged to implement appropriate updates to safeguard their installations. 
For further information and updates, please refer to the [official advisory](https://www.drupal.org/sa-contrib-2024-066).",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13305,https://securityvulnerability.io/vulnerability/CVE-2024-13305,Cross-Site Scripting Vulnerability in Drupal Entity Form Steps,"An issue has been identified in the Drupal Entity Form Steps module, which allows for improper neutralization of input during web page generation, leading to a Cross-Site Scripting (XSS) vulnerability. This flaw enables attackers to inject malicious scripts, which may then be executed in the context of the user's browser when the page is rendered. Effective mitigation necessitates updating to version 1.1.4 or higher to ensure the security of applications utilizing this module.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13310,https://securityvulnerability.io/vulnerability/CVE-2024-13310,Vulnerability in Git Utilities for Drupal by Drupal,"A vulnerability exists in Git Utilities for Drupal that may pose a threat to user data integrity. This flaw allows unauthorized access or manipulation of Git repositories within the Drupal environment, potentially leading to data conflicts and other security risks. It is crucial for users of Git Utilities in Drupal to apply necessary patches and stay informed about security updates to mitigate the risks associated with this vulnerability.",Drupal,Git Utilities For Drupal,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13309,https://securityvulnerability.io/vulnerability/CVE-2024-13309,Improper Authentication Vulnerability in Drupal's Login Disable Plugin,"The improper authentication vulnerability in the Login Disable plugin for Drupal allows unauthorized users to potentially exploit incorrectly configured access control security levels. 
This issue affects versions from 2.0.0 up to, but not including, 2.1.1. Administrators should ensure proper configuration of access controls to mitigate potential risks associated with this vulnerability.",Drupal,Login Disable,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13312,https://securityvulnerability.io/vulnerability/CVE-2024-13312,Authorization Flaw in Drupal Open Social Affects Multiple Versions,"A missing authorization vulnerability in Drupal Open Social permits unauthenticated users to access restricted resources through forceful browsing. This weakness affects specific versions of Open Social, namely from 11.8.0 to 12.3.10 and 12.4.0 to 12.4.9, potentially exposing sensitive functionalities to unauthorized parties. Organizations using these versions should review their configurations and apply necessary updates to safeguard against this risk.",Drupal,Open Social,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13288,https://securityvulnerability.io/vulnerability/CVE-2024-13288,Deserialization Vulnerability in Drupal Monster Menus,"A vulnerability in the Monster Menus module for Drupal allows for object injection through the deserialization of untrusted data. This issue affects versions of Monster Menus prior to 9.3.4 and versions from 9.4.0 to 9.4.2. 
Exploitation of this vulnerability could lead to unauthorized actions within the application, making it essential for users to update to the recommended versions to ensure their systems are secure.",Drupal,Monster Menus,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13308,https://securityvulnerability.io/vulnerability/CVE-2024-13308,Cross-Site Scripting Vulnerability in Drupal Browser Back Button,"An issue has been identified in the Drupal Browser Back Button that allows for Cross-Site Scripting (XSS) attacks due to improper neutralization of input during web page generation. This vulnerability affects versions of the Browser Back Button from 1.0.0 through 2.0.1, enabling malicious actors to inject arbitrary scripts into web pages viewed by users, potentially leading to compromised user data and session hijacking.",Drupal,Browser Back Button,3.8,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13302,https://securityvulnerability.io/vulnerability/CVE-2024-13302,Incorrect Authorization Vulnerability in Drupal Pages Restriction Access,"An incorrect authorization vulnerability in the Pages Restriction Access module for Drupal allows attackers to bypass access control and perform forceful browsing. This flaw affects versions 2.0.0 up to 2.0.2, potentially exposing sensitive content to unauthorized users. Administrators are urged to update to the latest version to mitigate this risk.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13291,https://securityvulnerability.io/vulnerability/CVE-2024-13291,Incorrect Authorization Vulnerability in Drupal Basic HTTP Authentication,"A security vulnerability in Drupal's Basic HTTP Authentication component allows attackers to exploit incorrect authorization mechanisms, potentially leading to forceful browsing. 
This affects versions 7.X-1.0 through 7.X-1.4, enabling unauthorized access to restricted resources. It is crucial for users to update to the patched versions to safeguard applications against this threat.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13296,https://securityvulnerability.io/vulnerability/CVE-2024-13296,Object Injection Vulnerability in Mailjet by Drupal,"A vulnerability has been identified in the Mailjet plugin for Drupal that allows for Object Injection through deserialization of untrusted data. This issue can be exploited by attackers to manipulate application behavior, which could lead to unauthorized access or other malicious activities. Affected versions include Mailjet prior to 4.0.1. It is crucial for users of this plugin to update to the latest version to mitigate potential risks.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13299,https://securityvulnerability.io/vulnerability/CVE-2024-13299,Vulnerability in Megamenu Framework Affects Drupal by Drupal Community,A security flaw in the Megamenu Framework for Drupal enables potential attackers to execute arbitrary JavaScript code in the context of the user's browser. This vulnerability could lead to unauthorized actions on behalf of the user or the theft of sensitive information. It is essential for site administrators using the Megamenu Framework to review their installations and apply necessary updates as soon as they become available.,Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13295,https://securityvulnerability.io/vulnerability/CVE-2024-13295,Deserialization of Untrusted Data Vulnerability in Drupal Node Export,"A vulnerability in the Node export module of Drupal allows for deserialization of untrusted data, potentially leading to object injection attacks. 
This affects versions prior to 7.X-3.3, making it critical for users to update and secure their installations to prevent unauthorized access and manipulation of data.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13298,https://securityvulnerability.io/vulnerability/CVE-2024-13298,Cross-Site Scripting Vulnerability in Drupal Tarte au Citron,"An issue has been identified in Drupal's Tarte au Citron, where improper neutralization of user input during web page generation can lead to Cross-Site Scripting (XSS). This vulnerability affects the product versions from 2.0.0 to 2.0.4, allowing attackers to inject malicious scripts into webpages viewed by end users, potentially compromising the security of their web applications.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T21:15:00.000Z,0
CVE-2024-13267,https://securityvulnerability.io/vulnerability/CVE-2024-13267,Static Code Injection Vulnerability in Drupal Opigno TinCan Question Type,"The Opigno TinCan Question Type for Drupal contains a Static Code Injection vulnerability that allows attackers to exploit improperly neutralized directives. This vulnerability enables PHP Local File Inclusion, which could lead to unauthorized access to sensitive files within the server. It specifically affects versions prior to 7.X-1.3, making it essential for users to upgrade to the latest version to mitigate potential security risks.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T20:15:00.000Z,0
CVE-2024-13277,https://securityvulnerability.io/vulnerability/CVE-2024-13277,Incorrect Authorization Vulnerability in Drupal Smart IP Ban,"The Smart IP Ban module for Drupal is vulnerable to incorrect authorization, allowing attackers to perform forceful browsing. 
This issue impacts Smart IP Ban versions 7.X-1.0 and earlier than 7.X-1.1, potentially enabling unauthorized access to restricted areas of the application.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T20:15:00.000Z,0
CVE-2024-13278,https://securityvulnerability.io/vulnerability/CVE-2024-13278,Incorrect Authorization Vulnerability in Drupal Diff,"A vulnerability has been identified in the Diff module for Drupal, which allows for incorrect authorization, potentially enabling functionality misuse. This vulnerability impacts versions from 0.0.0 up to, but not including, 1.8.0. It is crucial for users of the affected products to apply the necessary updates to mitigate any risk associated with unauthorized access.",Drupal,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T20:15:00.000Z,0